2013 Annual Report

D. Office of Inspector General’s Assessment of the Management and Performance Challenges Facing the FDIC

Under the Reports Consolidation Act of 2000, the Office of Inspector General (OIG) identifies the management and performance challenges facing the FDIC and provides its assessment to the FDIC for inclusion in the FDIC's annual performance and accountability report. In doing so, we keep in mind the FDIC's overall program and operational responsibilities; financial industry, economic, and technological conditions and trends; areas of congressional interest and concern; relevant laws and regulations; the Chairman's priorities and corresponding corporate goals; and ongoing activities to address the issues involved. The OIG believes that the FDIC faces challenges in the areas listed below, as it continues to operate in a post-crisis environment.

Carrying Out Systemic Resolution Responsibilities

The Dodd-Frank Wall Street Reform and Consumer Protection Act (the Dodd-Frank Act) created a comprehensive new regulatory and resolution framework designed to avoid the severe consequences of financial instability. Title I of the Dodd-Frank Act provides tools for regulators to impose enhanced supervision and prudential standards on systemically important financial institutions (SIFIs). Title II provides the FDIC with a new orderly liquidation authority for SIFIs, subject to a systemic risk determination by statutorily-designated regulators.

The FDIC has made significant progress over the past three years toward implementing its systemic resolution authorities under the Dodd-Frank Act. Among other things, the FDIC has issued a joint regulation and met established time frames for completing reviews of resolution plans submitted by covered financial companies, entered into agreements with certain foreign regulatory authorities to promote cross-border cooperation, and developed a single-point-of-entry resolution strategy as a preferred approach for the orderly liquidation of covered financial companies under certain circumstances.

While these accomplishments are notable, challenges remain in establishing a robust corporate-wide capability for this critical responsibility. In the coming months, the FDIC will be working to enhance its strategic planning efforts, strengthen coordination among the various FDIC divisions involved in the resolution activities, and build out the Office of Complex Financial Institutions' infrastructure to support systemic resolution activities.

Strengthening IT Security and Governance

Key to achieving the FDIC's mission of maintaining stability and public confidence in the nation's financial system is safeguarding the sensitive information, including personally identifiable information that the FDIC collects and manages in its role as federal deposit insurer and regulator of
state non-member financial institutions. Further, as an employer, an acquirer of services, and a receiver for failed institutions, the FDIC obtains considerable amounts of sensitive information from its employees, contractors,
and failed institutions. Increasingly sophisticated security risks and global connectivity have resulted in both internal and external risks to that sensitive information. Internal risks include errors and fraudulent or malevolent acts by employees or contractors working within the organization. External threats include a growing number of cyber-based attacks that can come from a variety of sources, such as hackers, criminals, foreign nations, terrorists, and other adversarial groups. Such threats underscore the importance of a strong, enterprise-wide information security program.

During 2013, the FDIC Chairman announced significant changes to the FDIC's information security governance structure. These changes were intended to address current and emerging risks in the IT and information security environments. Among these changes, in April, the FDIC established the IT/Cyber Security Oversight Group to provide a senior-level forum for assessing cybersecurity threats and developments impacting the FDIC and the banking industry. In July 2013, the Chairman separated the roles and responsibilities of the Chief Information Officer (CIO) and Director, Division of Information Technology. Both positions had previously been held by the same individual. The position of CIO now reports directly to the FDIC Chairman. The CIO has broad strategic responsibility of IT governance, investments, program management, and information security. The CIO also serves as the FDIC's Chief Privacy Officer. Finally, the Chief Information Security Officer (CISO) and related staff, who had formerly reported to the Director of the Division of Information Technology, now report to the CIO. The purpose of this realignment was to ensure that the CISO has the ability to provide an independent perspective on security matters to the CIO and that the CIO has the authority and primary responsibility to implement an agency-wide information security program.

During 2014, a challenging priority for the FDIC will be to continue to adapt to these organizational changes as the new roles and responsibilities become ingrained in a changing environment and to ensure effective communication and collaboration among all parties involved in ensuring a robust and secure IT operating environment.

Maintaining Effective Supervision and Preserving Community Banking

The FDIC's supervision program promotes the safety
and soundness of FDIC-supervised IDIs. The FDIC is the primary federal regulator for 4,316 FDIC-insured, state-chartered institutions that are not members of the Federal Reserve Board. As such, the FDIC is the lead federal regulator for the majority of community banks. As the FDIC continues to operate in a post-crisis environment,
it must continue to apply lessons learned over the past years of turmoil. One key lesson is the need for earlier regulatory response when risks are building. For example, banks may be tempted to take additional risks or to loosen underwriting standards. Some banks are also introducing new products or lines of business or seeking new sources for non-interest income, all of which can lead to interest rate risk, credit risk, operational risk, and reputational risk. Additionally, with technological changes, increased use of technology service providers, new delivery channels, and cyber-threats, the FDIC's IT examination program needs to be proactive and bankers need to ensure a strong control environment and sound governance practices in their institutions. If the FDIC determines that an institution's condition is less than satisfactory, it may take a variety
of supervisory actions, including informal and formal enforcement actions against the institution or its directors and officers and others associated with the institution,
to address identified deficiencies and, in some cases, ultimately ban individuals from banking.

The Chairman has made it clear that one of the FDIC's most important priorities is the future of community banks and the critical role they play in the financial system and the U.S. economy as a whole. The FDIC undertook a comprehensive review of the U.S. community banking sector covering 27 years of data. Additionally, the FDIC has reviewed its examination, rulemaking, and guidance processes with a goal of identifying ways to make the supervisory process more efficient, consistent, and transparent—while maintaining safe and sound banking practices. Supplementing these activities were roundtable discussions with community bankers from around the country, and ongoing discussions with the FDIC's Advisory Committee on Community Banking. In response to concerns raised, the FDIC implemented a number of enhancements to its supervisory and rulemaking processes. For example, it restructured the pre-exam process. It is taking steps to improve communication with banks under its supervision by using Web-based tools. Finally, it has instituted a number of outreach and technical assistance initiatives for community bankers, which it expects
to continue.

A strong examination program, vigilant supervisory activities, effective enforcement actions and lessons learned in light of the recent crisis will be critical to the future
of community banks. These actions will also ensure stability and continued confidence in the financial system going forward.

Carrying Out Ongoing Resolution and Receivership Workload

In the recent financial crisis, the FDIC made extensive use of loss-share agreements (LSA) to facilitate the prompt transfer of failed bank assets to private management. In a loss share transaction, the FDIC as receiver agrees to share losses on certain assets with the acquirer. Under a typical LSA structure, the FDIC would assume 80 percent of future losses on troubled assets, with the acquiring institution assuming the remaining 20 percent. This partial indemnification against loss would induce risk-averse acquirers to take on these troubled assets under private management, and thus keep them out of a government-controlled receivership. It also provided an incentive for the acquirer to maximize net recoveries on those assets,  consistent with the fiduciary responsibility of the FDIC. Almost 65 percent of the bank failures since the beginning of 2008 through 2012 were resolved through whole-bank purchase and assumption transactions with LSAs.

As another resolution strategy, the FDIC employed structured transactions to minimize the FDIC's holding and asset management expenses for the assets by transferring the management responsibility to private-sector asset management experts. As receiver, the FDIC had completed 34 structured transactions through August 2013 involving 42,900 assets with a total unpaid principal balance of $26 billion. To ensure the FDIC receives the highest return on the assets and the managing members treat failed bank borrowers fairly, the FDIC must continue to monitor the managing member's compliance with the transaction agreements by reviewing regular reports, measuring actual performance against performance projections in the consolidated business plans, conducting regular site visitations, and thoroughly investigating borrower or guarantor complaints with regard to the servicing and dispositions of their loans by the managing members.

As the crisis continues to diminish, some of these agreements will be winding down. We have recommended that the FDIC develop a strategy for mitigating the impact of impending portfolio sales and LSA terminations on
the Deposit Insurance Fund (DIF) and that it ensure that procedures, processes, and resources are sufficient to address the volume of terminations and potential requests for asset sales. Given the dollar value and risks associated with the structured transactions, the FDIC needs to ensure continuous monitoring and effective oversight in the interest of receiving a high return on assets.

Ensuring the Continued Strength of the Insurance Fund

Insuring deposits remains at the heart of the FDIC's commitment to maintain stability and public confidence in the nation's financial system. To maintain sufficient DIF balances, the FDIC collects risk-based insurance premiums from insured institutions and invests deposit insurance funds.

In the aftermath of the financial crisis, FDIC-insured institutions continue to make gradual but steady progress. Continuing to replenish the DIF in a post-crisis environment is a critical activity for the FDIC. The DIF balance had dropped below negative $20 billion during the worst time of the crisis. At year-end 2013, the balance was $47.2 billion, reflecting 16 consecutive quarters of positive growth. Assessment revenue and a decline in loss provisions for anticipated bank failures have been the impetus for the increase in the fund balance.

While the fund is considerably stronger than it has been, the FDIC must continue to monitor the emerging risks that can threaten fund solvency in the interest of continuing to provide the insurance coverage that depositors have come to rely upon. Given the volatility of the global markets and financial systems, new risks can emerge without warning and threaten the safety and soundness of U.S. financial institutions and the viability of the DIF. The FDIC must be prepared for such a possibility.

Promoting Consumer Protections and Economic Inclusion

The FDIC carries out its consumer protection role by providing consumers with access to information about their rights and disclosures that are required by federal laws and regulations. Importantly, it also examines the banks where the FDIC is the primary federal regulator to determine the institutions' compliance with laws and regulations governing consumer protection, fair lending, and community investment. The FDIC also coordinates with the Consumer Financial Protection Board (CFPB), created under the Dodd-Frank Act, on consumer issues of mutual interest.

The FDIC continues to work with the Congress and others to ensure that the banking system remains sound and that the broader financial system is positioned to meet the credit needs of consumers and the economy, especially the needs of creditworthy households that may experience distress. A challenging priority articulated by the Chairman is to continue to increase access to financial services for the unbanked and underbanked in the United States. Efforts in this regard include the FDIC's biennial survey conducted jointly with the Census Bureau to assess the overall population's access to insured institutions. Additionally, the FDIC's Advisory Committee on Economic Inclusion, composed of bankers, community and consumer organizations, and academics, explores strategies to bring the unbanked into the financial mainstream. The FDIC's Alliance for Economic Inclusion initiative seeks to collaborate with financial institutions; community organizations; local, state, and federal agencies; and other partners to form broad-based coalitions to bring unbanked and underbanked consumers and small businesses into the financial mainstream.

Successful activities in pursuit of this priority will continue to require effort on the part of the FDIC going forward. The FDIC will need to sustain ongoing efforts to carry out required compliance and community reinvestment examinations, coordinate with CFPB on regulatory matters involving financial products and services, and pursue economic inclusion initiatives to the benefit of the American public.

Implementing Workforce Changes and Budget Reductions

As the number of financial institution failures continues to decline, the FDIC is reshaping its workforce and adjusting its budget and human resources as it seeks a balanced approach to managing costs while achieving mission responsibilities. The FDIC closed two temporary offices charged with managing receivership activities and asset sales: the West Coast Office and the Midwest Office in January 2012, and September 2012, respectively. It plans to close the East Coast Office in April 2014.

The Board of Directors approved a $2.4 billion Corporate Operating Budget for 2014, 11 percent lower than the 2013 budget. In conjunction with its approval of the 2014 budget, the Board also approved an authorized 2014 staffing level of 7,199 positions, down from 8,053 currently authorized, a net reduction of 854 positions. This is the third consecutive reduction in the FDIC's annual operating budget, and the 2014 budget is the lowest annual budget since 2008.

As conditions improve throughout the industry and the economy, the FDIC and staff are adjusting to a new work environment and workplace. For all employees, in light of a post-crisis, transitioning workplace, the FDIC will seek to sustain its emphasis on fostering employee engagement and morale. Its diversity and inclusion initiatives, along with its new Workplace Excellence Program are positive steps in that direction and should continue to yield positive results.

Ensuring Effective Enterprise Risk Management

A key component of corporate governance at the FDIC
is the Board of Directors. The Board will likely face challenges in leading the organization, accomplishing the Chairman's priority initiatives, and coordinating with the other regulatory agencies on issues of mutual concern and shared responsibility. Enterprise risk management is a related aspect of governance at the FDIC. Notwithstanding a stronger economy and financial services industry, the FDIC's enterprise risk management framework and related activities need to be attuned to emerging risks, both internal and external to the FDIC that can threaten corporate success. Individuals at every working level throughout the FDIC need to understand current and emerging risks and be ready to take necessary steps to mitigate those risks as changes occur and challenging scenarios present themselves.